
Windows 7 VPN problems

Question

I have a Windows 2003 R2 server running a PPTP VPN that supports MS-CHAP v2. All non-Windows 7 clients connect successfully and are able to access both domain local resources such as file servers and public websites, e.g. bbc.co.uk.

Windows 7 machines connect successfully to the VPN. They are assigned an IP within the range of 169.254.x.x.

I can access local resources, e.g. file servers, only via Start > Run \\fileservername. If I use the fully qualified domain name, e.g. \\fileserver.domainname.com, this fails. I can perform an nslookup and resolve the hostname to an IP number successfully. Trying to access the server via its IP also works.

I am unable to access public websites such as the bbc website.

If I try and ping the default gateway IP I get a response.

If I ping local servers via their IPs this works.

If I ping local servers via their fully qualified hostnames this fails, e.g. ping fileserver.domainname.com

nslookup works for any hostname

If I try to ping say the BBC website this fails.

If I try to ping -4 any host name (force it to use IPv4) this works.

Looks like there is some sort of issue with DNS and/or IPv6?

I've disabled IPv6 on the client's VPN, the client still connects successfully but the problem persists. Any idea how I can resolve this issue?

I don't know if it's relevant to your case, but 169 addresses should not be assigned using DHCP as they are reserved for automatic addressing. Any standard computer with a NIC, but with no connection to a DHCP server, will get an address in the 169 range. Addresses that are reserved for private use are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Maybe Windows 7 sees a 169 address and assumes there is no DHCP available? Just a guess... When you use the NetBIOS name instead of the FQDN the request is broadcast on the network, which means you don't rely on a DNS server.

Not really. The 169.254.x.x/16 addresses are APIPA addresses. http://www.petri.co.il/whats_apipa.htm They are assigned by the OS itself if the machine is set to get its network config from DHCP but no DHCP server can be found. This system allows a simple network to function without a DHCP server. APIPA addresses are not routable (as no default gateway is configured).

To get back to the original problem. If an RRAS VPN server cannot get any addresses from DHCP to use as its address pool, configure a static address pool in RRAS.

Bill
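As an added example (not part of the thread or of any poster's reply), this Python check parses `ipconfig /all` output from a VPN client and flags a PPP adapter holding a 169.254.0.0/16 address, the symptom discussed above. The sample output and the adapter name "Office VPN" are constructed for illustration.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `ipconfig /all` output from a VPN client (not from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.0.25(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1

PPP adapter Office VPN:

   IPv4 Address. . . . . . . . . . . : 169.254.12.34(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
"""

def classify(addr):
    """Return 'apipa', 'rfc1918' or 'other' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in APIPA:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"

def audit(ipconfig_text):
    """Return {adapter name: (IPv4 address, class)} for adapters with an address."""
    results, adapter = {}, None
    for line in ipconfig_text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            adapter = header.group(1)
            continue
        m = re.match(r"^\s+IPv4 Address[ .]*:\s*([\d.]+)", line)
        if m and adapter:
            results[adapter] = (m.group(1), classify(m.group(1)))
    return results

def vpn_pool_problem(ipconfig_text):
    """PPP adapters holding an APIPA address: check the RRAS address pool."""
    return [name for name, (_, kind) in audit(ipconfig_text).items()
            if name.startswith("PPP adapter") and kind == "apipa"]

if __name__ == "__main__":
    print(audit(SAMPLE), vpn_pool_problem(SAMPLE))
```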

All replies

The 169... addresses that you say are assigned, have you assigned them yourself, or are they auto-assigned? It strikes me that if these are auto-assigned you are not in contact with a DHCP server that gives you the address of a DNS server to use. If so you should check if the DHCP relay is set up correctly in Routing and Remote Access.

The 169 numbers are assigned by the VPN server. So I have set in Routing and Remote Access > Properties > IP, "IP address assignment, the server can assign IP address by using DHCP". So the VPN is set up to give out private IPs and does NAT.

All the computers that connect to the VPN get an IP in this range, the non-Windows 7 computers, e.g. XP, don't seem to have the same connectivity problem. The one difference in the IP settings between the clients is that the default gateway on Windows 7 computers is set to 0.0.0.0. As far as I can tell from Google this is the correct default behaviour for Windows 7 clients connecting to a VPN.

I don't know if it's relevant to your case, but 169 addresses should not be assigned using DHCP as they are reserved for automatic addressing. Any standard computer with a NIC, but with no connection to a DHCP server, will get an address in the 169 range. Addresses that are reserved for private use are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Maybe Windows 7 sees a 169 address and assumes there is no DHCP available? Just a guess... When you use the NetBIOS name instead of the FQDN the request is broadcast on the network, which means you don't rely on a DNS server.

Not really. The 169.254.x.x/16 addresses are APIPA addresses. http://www.petri.co.il/whats_apipa.htm They are assigned by the OS itself if the machine is set to get its network config from DHCP but no DHCP server can be found. This system allows a simple network to function without a DHCP server. APIPA addresses are not routable (as no default gateway is configured).

To get back to the original problem. If an RRAS VPN server cannot get any addresses from DHCP to use as its address pool, configure a static address pool in RRAS.

Bill

Install the VPN client in an administrator account. Then on the desktop icon of the VPN client right click -> Properties -> Compatibility -> Windows XP SP3 and Run as administrative privileges. You will find successful logon to VPN.
